ID

VAR-202110-0575


CVE

CVE-2021-38460


TITLE

Inadequate protection of credentials vulnerability in Moxa MXview Network Management software

Trust: 0.8

sources: JVNDB: JVNDB-2021-013647

DESCRIPTION

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. The Moxa MXview Network Management software contains an inadequate protection of credentials vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2021-38460 // JVNDB: JVNDB-2021-013647 // VULHUB: VHN-400075 // VULMON: CVE-2021-38460

AFFECTED PRODUCTS

vendor: moxa, model: mxview, scope: lte, version: 3.2.2

Trust: 1.0

vendor: moxa, model: mxview, scope: gte, version: 3.0

Trust: 1.0

vendor: moxa, model: mxview, scope: eq, version: -

Trust: 0.8

vendor: moxa, model: mxview, scope: eq, version: 3.2.2 for up to 3.x

Trust: 0.8

sources: JVNDB: JVNDB-2021-013647 // NVD: CVE-2021-38460

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-38460
value: HIGH

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-38460
value: HIGH

Trust: 1.0

NVD: CVE-2021-38460
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202110-236
value: HIGH

Trust: 0.6

VULHUB: VHN-400075
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-38460
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-38460
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-400075
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-38460
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-013647
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-400075 // VULMON: CVE-2021-38460 // JVNDB: JVNDB-2021-013647 // CNNVD: CNNVD-202110-236 // NVD: CVE-2021-38460 // NVD: CVE-2021-38460

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:CWE-523

Trust: 1.0

problemtype:Inadequate protection of credentials (CWE-522) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-400075 // JVNDB: JVNDB-2021-013647 // NVD: CVE-2021-38460

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-236

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202110-236

PATCH

title: MXview Series, url: https://www.moxa.com/en/support/product-support/software-and-documentation/search?psid=53389

Trust: 0.8

title: Moxa MXview Network Management Software Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=165692

Trust: 0.6

sources: JVNDB: JVNDB-2021-013647 // CNNVD: CNNVD-202110-236

EXTERNAL IDS

db: NVD, id: CVE-2021-38460

Trust: 3.4

db: ICS CERT, id: ICSA-21-278-03

Trust: 2.6

db: JVN, id: JVNVU91384521

Trust: 0.8

db: JVNDB, id: JVNDB-2021-013647

Trust: 0.8

db: CS-HELP, id: SB2021100607

Trust: 0.6

db: AUSCERT, id: ESB-2021.3307

Trust: 0.6

db: CNNVD, id: CNNVD-202110-236

Trust: 0.6

db: VULHUB, id: VHN-400075

Trust: 0.1

db: VULMON, id: CVE-2021-38460

Trust: 0.1

sources: VULHUB: VHN-400075 // VULMON: CVE-2021-38460 // JVNDB: JVNDB-2021-013647 // CNNVD: CNNVD-202110-236 // NVD: CVE-2021-38460

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03

Trust: 3.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-38460

Trust: 1.4

url:http://jvn.jp/vu/jvnvu91384521/index.html

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021100607

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3307

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/522.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-400075 // VULMON: CVE-2021-38460 // JVNDB: JVNDB-2021-013647 // CNNVD: CNNVD-202110-236 // NVD: CVE-2021-38460

CREDITS

Noam Moshe from Claroty reported these vulnerabilities to Moxa.

Trust: 0.6

sources: CNNVD: CNNVD-202110-236

SOURCES

db: VULHUB, id: VHN-400075
db: VULMON, id: CVE-2021-38460
db: JVNDB, id: JVNDB-2021-013647
db: CNNVD, id: CNNVD-202110-236
db: NVD, id: CVE-2021-38460

LAST UPDATE DATE

2024-08-14T13:23:20.609000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-400075, date: 2022-10-25T00:00:00
db: VULMON, id: CVE-2021-38460, date: 2021-10-19T00:00:00
db: JVNDB, id: JVNDB-2021-013647, date: 2022-09-20T08:55:00
db: CNNVD, id: CNNVD-202110-236, date: 2022-10-26T00:00:00
db: NVD, id: CVE-2021-38460, date: 2022-10-25T15:27:34.237

SOURCES RELEASE DATE

db: VULHUB, id: VHN-400075, date: 2021-10-12T00:00:00
db: VULMON, id: CVE-2021-38460, date: 2021-10-12T00:00:00
db: JVNDB, id: JVNDB-2021-013647, date: 2022-09-20T00:00:00
db: CNNVD, id: CNNVD-202110-236, date: 2021-10-05T00:00:00
db: NVD, id: CVE-2021-38460, date: 2021-10-12T14:15:08.630